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PREFACE 


This document is one of the family of publications that describe the network protocols 
underlying Xerox Network Systems (XNS). 

Xerox Network Systems comprise a variety of digital processors interconnected by means of 
a variety of transmission media. System elements communicate both to transmit infor¬ 
mation between users and to share resources economically. For system elements to com¬ 
municate with one another, certain standard protocols must be observed. 

Comments and suggestions on this document and its use are encouraged. Please address 
communications to: 

Xerox Corporation 
Xerox Systems Institute (XSI) Office 
475 Oakmead Parkway, Bldg. 5 
Sunnyvale, California 94086 
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INTRODUCTION 


This document defines the types and formats of certain secondary credentials. Secondary 
credentials are arbitrary authentication data required by certain recipients, such as those 
implemented on foreign operating systems. The formats are defined in terms of Courier [1] 
data types. 


1.1 Purpose 


The format of the secondary credentials required varies from one recipient to another, as the 
requirements for auxiliary authentication data vary. In order to communicate successfully 
with a recipient, the initiator must supply any secondary credentials in the proper format. 
Secondary credentials formats are defined here as an aid to communicating the desired 
format from the recipient to the initiator. In addition to specifying the structure of the 
values, this document describes how the values are intended to be used. This information is 
required for sharing of these formats. Format numbers for secondary credentials are 
administered as described in Appendix B. 


1.2 Documentation conventions 


Courier text and examples are depicted in special fonts, and generally conform to a certain 
style. The rules and style are set forth below. 

Throughout this document, special fonts are used to depict Courier text instead of using 
quote marks or other delimiters. This convention also aids the eye in discriminating 
between Courier text and the exposition. Items in this font indicate elements of the Courier 
language and are almost always in upper case. This font indicates items that are defined 
using the Courier language. 

Identifiers that are defined in this protocol (as opposed to being defined by Courier) will have 
their first letter capitalized if they are the name of a type, error, or procedure; identifiers 
with a lower case first letter are usually the names of variables, arguments, or results. 


1.3 Document organization 


Chapter 2 of this document defines the formats of the standard secondary credentials types. 
Appendix A lists other documents which supplement the specification. Appendix B explains 
how to acquire a block of secondary credentials types. 
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SECONDARY FORMATS 


Secondary credentials consist of a sequence of secondary items, each of which contains a 
component of the secondary credentials information. This document defines secondary 
items and how to group them into the secondary credentials required by hybrid hosts. Users 
of secondary credentials may use the administrative procedures defined in Appendix B to 
register new secondary items. 

Secondary: TYPE a sequence 10 of Secondaryltem; 

Up to 10 secondary items may be grouped as the constituents of a value of secondary 
credentials. 


2.1 Secondary items 


Each secondary item consists of a type and a value. 

SecondaryltemType: TYPE ■ long cardinal; 

Secondaryltem: type ■ record( 
type: SecondaryltemType, 
value: SEQUENCE OF UNSPECIFIED]; 

Also associated with each secondary item type is a recommendation as to the privacy of the 
item. This privacy level can be used by clients to determine, for example, whether a user- 
supplied value for an item should be echoed to the user. This privacy level is specified in this 
document, but is not reflected in any data structures—that is, the privacy level associated 
with a secondary item type is documented, but not transmitted. 

systemPassword: SecondaryltemType ■ 1; 

SystemPassword: type = string; -- value is private 

The SystemPassword is used to control access to the hybrid system itself. When used, it 
generally is applied before other secondary items. If a system password exists, it normally 
has one value for the entire set of users. 

userName: SecondaryltemType » 2; 

UserName: type = string; - value is not private 

userPassword: SecondaryltemType a 3; 

UserPassword: type = string; - value is private 

userPassword2: SecondaryltemType a 4; 

UserPassword2: type = string; -- value is private 
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The UserName and UserPassword identify the user to the hybrid operating system. In those 
cases in which a secondary password is required by the operating system, UserPassword2 is. 
used. Although not a requirement, a user normally has a single set of values for UserName 
and UserPassword(2) on a given system element. 

userServiceName: SecondaryltemType ■ 5; 

UserServiceName: type = string; -- value is not private 

userServicePassword: SecondaryltemType ■ 6; 

UserServicePassword: type = string; - value is private 

userServicePassword2: SecondaryltemType ■ 7; 

UserServicePassword2: type = string; -- value is private 

In certain cases, access to a service running on the operating system is controlled, in 
addition to controlling access to the operating system itself. In these cases, 
UserServiceName , UserServicePassword, and UserServicePassword2 identify the user to 
the individual service. 

accountName: SecondaryltemType » 8; 

AccountName: type = string; -- value is not private 

accountPassword: SecondaryltemType ■ 9; 

AccountPassword: type = string; - value is private 

accountPassword2: SecondaryltemType >10; 

AccountPassword2: type = string; - value is private 

In some cases, the entity which is considered to be logged on is not a user, but an account. In 
these cases, values for AccountName, AccountPassword, and AccountPassword2 can be 
supplied. 

Alternatively, accounting information may be required at the time a user is authenticated. 
In this case, AccountName may be used to transmit this information. 

secondarystring: SecondaryltemType ■ 1000; 

Secondary String: type = string; - value is not private 

privateSecondaryString: SecondaryltemType ■ 1001; 

PrivateSecondaryString: type » string; -- value is private 

Secondarystring and PrivateSecondaryString may be used to transmit secondary 
credentials information which is not of one of the aforementioned types. This is useful if a 
service has requirements for credentials which are not standardized. 
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REFERENCES 


The following documents supplement this protocol specification. 

[1] Xerox Corporation. Courier: The Remote Procedure Call Protocol. Xerox System 
Integration Standard. Stamford, Connecticut. December 1981. XSIS 038112. 

This reference defines the Courier language, in terms of which the secondary credentials 
formats are defined. 
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TYPE ASSIGNMENT PROCEDURES 


As stated in this document, format types are assigned 32-bit numbers that are unique 
throughout the distributed system. The number space is administered by Xerox 
Corporation. To obtain a block of numbers, submit a written request to: 

Xerox Corporation 
Xerox Systems Institute (XSI) Office 
475 Oakmead Parkway, Bldg. 5 
Sunnyvale, California 94086 

Implementors are encouraged to apply for unique blocks of numbers for their particular 
applications. Uniqueness allows systems to freely interconnect without having to worry 
about overlapping values. 

Format numbers should be used with economy, as the total number of blocks is limited. If an 
implementation is using a large quantity of these format type numbers, the designer ha.s 
probably misunderstood their purpose. 
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